Network Security News – Saturday, February 18, 2006 Events
Mantis view_all_set.php Multiple Variable XSS
Mantis contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'hide_status', 'handler_id', 'user_monitor', 'reporter_id', 'view_type', 'show_severity', 'show_category', 'show_status', 'show_resolution', 'show_build', 'show_profile', 'show_priority', 'highlight_changed', 'relationship_type', and 'relationship_bug' variables upon submission to the 'view_all_set.php' script. An attacker could craft a URL that, when followed by a victim, executes arbitrary script code in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23248
Siteframe User Comment comment_text Field XSS
Siteframe contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'comment_text' variable when a user comment is submitted. An attacker could craft a URL that, when followed by a victim, executes arbitrary script code in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23267
Mac OS X Kernel Undocumented System Call Local DoS
Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a local user invokes an undocumented system call, and results in a loss of availability for the platform. Read more at osvdb.org/23190
MyBulletinBoard (MyBB) calendar.php Advanced Details Link XSS
MyBB contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the "advanced details" input upon submission to the calendar.php script. An attacker could craft a URL that, when followed by a victim, executes arbitrary script code in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23264
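The three cross-site scripting entries in this digest (Mantis view_all_set.php, Siteframe comment_text, MyBB calendar.php) describe one flaw class: request parameters echoed back into HTML without output encoding, reachable through a crafted URL. The example below is added here to show the mechanism and the fix; it is not code from Mantis, Siteframe, MyBB or OSVDB. Only the hidden-field names are taken from the Mantis advisory. The page template, the two payloads, the "strip angle brackets" half-fix, the host mantis.example and the sample URL are all constructed for illustration, and Python stands in for the projects' PHP so the example runs stand-alone. It renders one crafted request three ways and parses each result the way a browser would, to show that removing angle brackets defeats the obvious `<script>` payload but not a payload that breaks out of an attribute value, while encoding for the attribute context (`&`, `<`, `>`, `"`, `'`) stops both.

```python
"""Reflected XSS through filter parameters echoed into a form.

Added illustration, not code from Mantis, Siteframe, MyBB or OSVDB. The
field names come from the Mantis advisory; the template, payloads, the
angle-bracket half-fix, the host mantis.example and the URL are constructed.
"""
from html import escape
from html.parser import HTMLParser
import re
from urllib.parse import parse_qs, quote, urlsplit

# Field names from the Mantis advisory; the template around them is constructed.
FILTER_FIELDS = ("hide_status", "handler_id", "reporter_id", "view_type")

# Constructed payloads. The first needs '<' and '>' to inject an element; the
# second breaks out of a double-quoted attribute value using neither character.
TAG_PAYLOAD = '"><script>alert(document.cookie)</script><input value="'
ATTR_PAYLOAD = '" onfocus="alert(document.cookie)" autofocus="'


def params_from_url(url: str) -> dict[str, str]:
    """First value of each query parameter, the way PHP's $_GET exposes it."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def _form(params: dict[str, str], encode) -> str:
    """Re-emit the filter settings as hidden inputs; `encode` is the output filter."""
    fields = "".join(
        f'<input type="hidden" name="{name}" value="{encode(params.get(name, ""))}">'
        for name in FILTER_FIELDS)
    return f'<form method="post" action="view_all_set.php">{fields}</form>'


def render_vulnerable(params: dict[str, str]) -> str:
    """The flaw class in the advisories: parameters echoed with no validation."""
    return _form(params, lambda v: v)


def render_tag_stripped(params: dict[str, str]) -> str:
    """A common half-fix: drop angle brackets. Useless inside an attribute value."""
    return _form(params, lambda v: re.sub(r"[<>]", "", v))


def render_hardened(params: dict[str, str]) -> str:
    """Output encoding for the attribute context: & < > \" and ' become entities."""
    return _form(params, lambda v: escape(v, quote=True))


class _LiveMarkupAudit(HTMLParser):
    """Parse the response as a browser would and record script-bearing constructs."""

    def __init__(self) -> None:
        super().__init__()
        self.script_elements = 0
        self.event_handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_elements += 1
        self.event_handlers += [a for a, _ in attrs if a.startswith("on")]


def executes_injected_script(html_fragment: str) -> bool:
    """True if attacker text became a <script> element or an on* event handler."""
    audit = _LiveMarkupAudit()
    audit.feed(html_fragment)
    audit.close()
    return audit.script_elements > 0 or bool(audit.event_handlers)


def crafted_url(payload: str, field: str = "handler_id") -> str:
    """The advisories' 'specially crafted URL': the payload in one filter field."""
    return f"http://mantis.example/view_all_set.php?type=1&{field}={quote(payload)}"


def audit(payload: str) -> dict[str, bool]:
    """Render one crafted request three ways; True means the payload went live."""
    params = params_from_url(crafted_url(payload))
    return {
        "vulnerable": executes_injected_script(render_vulnerable(params)),
        "tag_stripped": executes_injected_script(render_tag_stripped(params)),
        "hardened": executes_injected_script(render_hardened(params)),
    }


if __name__ == "__main__":
    for name, payload in (("tag", TAG_PAYLOAD), ("attribute", ATTR_PAYLOAD)):
        print(f"{name:9s} {audit(payload)}")
```

The check worth carrying over to a real review of any of the three applications is the second payload: a fix that only rejects `<` and `>` (or only `<script`) leaves every attribute-context echo exploitable, and PHP's htmlspecialchars() only covers the double-quote case unless called with ENT_QUOTES when single-quoted attributes are in play. Encode at the point of output, for the context the value lands in, rather than trying to sanitize on input.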